Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Course Of The Month
4 days, 5 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Multiple users to access a remote VPN through one IP addy.
Posted on 2002-05-23
I'd like to use an added Win2K server on our small corporate network to do a job. The job: we access a remote network using one of a few IP addresses assigned to us. However, there are more users and individual PC's than there are IP addy's assigned to us and everyone has to switch from the internal DHCP IP addy to one of the assigned ones to access this remote network.
We use this VPN method to both browse a remote network in internet explorer and move files using Interdev. It'd be nice if we could get to the remote network by just typing in the URL in a browser without reassigning our machines with a new IP address acceptable to the remote network. Couldn't we get one machine, a server, to do some NAT or routing with one static IP address seen by the remote VPN serving network and then have all of the machines on our network somehow relate to our routing/ nat server to connect to the remote VPN network?
If so, in Win2K server, which service do I use? NAT actually doesn't seem right since we already have a DHCP server assigning IP's and a NAT server will want to do that (right?). Routing seems like a solution... I'm not sure.
Thanks!
We use this VPN method to both browse a remote network in internet explorer and move files using Interdev. It'd be nice if we could get to the remote network by just typing in the URL in a browser without reassigning our machines with a new IP address acceptable to the remote network. Couldn't we get one machine, a server, to do some NAT or routing with one static IP address seen by the remote VPN serving network and then have all of the machines on our network somehow relate to our routing/ nat server to connect to the remote VPN network?
If so, in Win2K server, which service do I use? NAT actually doesn't seem right since we already have a DHCP server assigning IP's and a NAT server will want to do that (right?). Routing seems like a solution... I'm not sure.
Thanks!
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
- +1
5 Comments
Seems to me you should be able to have one Win2K box act as a DHCP server and VPN router. NAT server (or router or whatever) can be separate from the DHCP server. You just disable DHCP on the NATting device. I need to look up settings. Or someone else may answer that.
And yes - buying a small router with VPN and NAT ability would do the trick. Most have a little DHCP server built into it or you can use one of the Win2K boxes - whatever. The DHCP server should assign non-routable addresses to everyone in your office. You set up the VPN tunnel such that only traffic destined for the other office get's sent down the tunnel to the other office. And that traffic would not be NATted. Traffic destined for the Internet would be NATted and sent directly to the Internet.
A Cisco router would handle this no problem. But I'm sure there are other Cheapies down at Fry's or CompUSA that could handle the same job for a couple hundred bucks.
A Cisco router would handle this no problem. But I'm sure there are other Cheapies down at Fry's or CompUSA that could handle the same job for a couple hundred bucks.
In Windows 2000 Server, you have Routing and Remote Access Service.
1. Set your server up as a VPN Server.
2. Create Demand-Dial Interface, specifying the remote network VPN server in the destination.
3. Create a static route, with the following:
Interface: <Demand-dial_interface_you
Network: 0.0.0.0
Netmask: 0.0.0.0
End result of above is that your Windows 2000 Server will be the only VPN client (utilising the only IP address available) and the remainder of your branch office network will be routed to the remote network.
Regards,
Nenadic
1. Set your server up as a VPN Server.
2. Create Demand-Dial Interface, specifying the remote network VPN server in the destination.
3. Create a static route, with the following:
Interface: <Demand-dial_interface_you
Network: 0.0.0.0
Netmask: 0.0.0.0
End result of above is that your Windows 2000 Server will be the only VPN client (utilising the only IP address available) and the remainder of your branch office network will be routed to the remote network.
Regards,
Nenadic
hadachek:
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
Active today
hadachek
Is this problem still ongoing? The solutions above will work?
Either a server performing NAT or a Router as allready suggested will cure this problem. However most medium to large companies employ this functionality in their firewall, for example my network uses a PIX firewall to NAT my eternal address which is registered 194.189.188.0 to my internal addresses which are all 172.16.0.0 I also have internal registered subnets but the NAT is only performed on the 172 addresses.
I am not a fan of mounting NAT on a server (No matter where it is in the network) the first point of call security wise on your LAN should be your firewall.
Also using this method inbound VPN is a breeze to set up, using Cisco's own secure client.
Pete
Is this problem still ongoing? The solutions above will work?
Either a server performing NAT or a Router as allready suggested will cure this problem. However most medium to large companies employ this functionality in their firewall, for example my network uses a PIX firewall to NAT my eternal address which is registered 194.189.188.0 to my internal addresses which are all 172.16.0.0 I also have internal registered subnets but the NAT is only performed on the 172 addresses.
I am not a fan of mounting NAT on a server (No matter where it is in the network) the first point of call security wise on your LAN should be your firewall.
Also using this method inbound VPN is a breeze to set up, using Cisco's own secure client.
Pete
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg).
If you're looking for how to monitor bandwidth using netflow or packet s…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month4 days, 5 hours left to enroll
691 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.